- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
We have enabled above option as "before last" & after checking logs we are getting random ip's are still trying to connect external DNS servers.even though we have explicit rule configured for our internal DNS. Would like to know as per behaviour all DNS logs should hit to explicit rule, but not occurring in this scenario.
anyone provide me answer why external DNS request's are hitting over Implied rules (Configrued as "before last" under global properties)
even when an explicit rule has priority.
HOTFIX_R80_40_JUMBO_HF_MAIN Take: 125
To clarify you have configured a rule specifically to "drop" this DNS traffic higher in the policy that is not matching?
Perhaps it is easier to work this with TAC if you're uncomfortable with showing the relevant policy rules & log card detail here.
Hello Chris,
I had allowed in any for all DNS traffic in explicit rule on higher priority but still traffic for external DNS hitting implicit rule.
As above please provide more details of the policy, log card & matched rules tab so we can help.
Hello Chris
Getting SOA packet for which Implied rule action accept. I have attached all logs
These are VPN user 10.0.0.0 IP range some user hitting external DNS with SOA packet.
We are planning to disable Global Properties "Accept Domain Name over UDP (Queries )" will it impact legitimate traffic.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY